Tech Support Forum - View Single Post

**src2206** · 02-12-2007, 09:20 PM

Hello and welcome to TSF

.

You may like to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools located near the top of this page, then click Subscribe to this Thread. Make sure it is set to Instant email Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

Thank you for the updated information regarding the false positive from CounterSpy. Still I would suggest that you go through the following steps to ensure that nothing is hiding in your system.

------------------------------------------------------------------------------------------------------------------------------------

Please print out or copy these instructions/tutorial to Notepad as the internet will not (while in Safe Mode) be available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

_________________________________________________________________

HJT Location:

You are running Hijack This from a temporary directory. It needs to be in a permanent folder. Please go into Windows Explorer, click on C: then click on File > New > Folder and call it HJT , or another name of your choice. The program creates backup files that we may need to use later. If the program is in a Temporary folder, files may be deleted by you or automatically if your system is set to empty temp files.

_________________________________________________________________

Disable Security Softwares

1. Please disable CounterSpy, as it may hinder the removal of some entries. You can re-enable it after you're clean.
To disable CounterSpy:

Right Click on the CounterSpy Icon located in your system tray.
With your mouse, hover over Active Protection Status (This should be enabled)
A menu will slide out, then right click on Disable Active Protection

2. Please disable Webroot SpySweeper, as it may hinder the removal of some entries. You can re-enable it after you're clean.
To disable Webroot SpySweeper:

Go to the Options>Program Options
Uncheck Load at Windows Startup
Click Shields & uncheck all items there
Uncheck Home page shield.

_________________________________________________________________

Fix

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries (If they still exist, make sure you do not miss any)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
O2 - BHO: (no name) - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - (no file)

Please remember to close all other windows, including browsers then click Fix checked.

__________________________________________________________________

Online Scan

Perform an online scan with Internet Explorer with Panda ActiveScan

Click on located at the bottom of the page.
A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
Enter your e-mail address, country, and state & click "Free Online Scan" * The download of the 8 MB Panda's ActiveX control will take place *

Begin the scan by selecting

If it finds any malware, it will offer you a report.
Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
Click on then click

* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan

________________________________________________________________

Open HijackThis and do a System Scan. Post the content of the log file it produces.

_________________________________________________________________

Please provide the following logs with your next post:

Panda Scan
HijackThis (The last one)

02-12-2007, 09:20 PM	#6 (permalink)
src2206 TSF Enthusiast Join Date: Apr 2006 Location: Kolkata, India Posts: 2,068 OS: WinXP Pro SP3 My System	Hello and welcome to TSF . You may like to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools located near the top of this page, then click Subscribe to this Thread. Make sure it is set to Instant email Notification, then click Subscribe. Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence. Thank you for the updated information regarding the false positive from CounterSpy. Still I would suggest that you go through the following steps to ensure that nothing is hiding in your system. ------------------------------------------------------------------------------------------------------------------------------------ Please print out or copy these instructions/tutorial to Notepad as the internet will not (while in Safe Mode) be available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes. _________________________________________________________________ *HJT Location:* You are running Hijack This from a temporary directory. It needs to be in a permanent folder. Please go into Windows Explorer, click on C: then click on File > New > Folder and call it HJT , or another name of your choice. The program creates backup files that we may need to use later. If the program is in a Temporary folder, files may be deleted by you or automatically if your system is set to empty temp files. _________________________________________________________________ *Disable Security Softwares* 1. Please disable CounterSpy, as it may hinder the removal of some entries. You can re-enable it after you're clean. To disable CounterSpy: Right Click on the CounterSpy Icon located in your system tray. With your mouse, hover over Active Protection Status (This should be enabled) A menu will slide out, then right click on Disable Active Protection 2. Please disable Webroot SpySweeper, as it may hinder the removal of some entries. You can re-enable it after you're clean. To disable Webroot SpySweeper: Go to the Options>Program Options Uncheck Load at Windows Startup Click Shields & uncheck all items there Uncheck Home page shield. _________________________________________________________________ *Fix* Open HijackThis and click on 'Do a System Scan Only'. Check the following entries (If they still exist, make sure you do not miss any) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway O2 - BHO: (no name) - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - (no file) *Please remember to close all other windows, including browsers then click Fix checked.* __________________________________________________________________ *Online Scan* Perform an online scan with Internet Explorer with Panda ActiveScan Click on located at the bottom of the page. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it * Enter your e-mail address, country, and state & click "Free Online Scan" * The download of the 8 MB Panda's ActiveX control will take place * Begin the scan by selecting If it finds any malware, it will offer you a report. Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later. Click on then click * You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report. * Turn off the real time scanner of any existing antivirus program while performing the online scan ________________________________________________________________ Open HijackThis and do a System Scan. Post the content of the log file it produces. _________________________________________________________________ Please provide the following logs with your next post: Panda Scan HijackThis (The last one) __________________ Registered Linux user #426065